A partial volume image is a targeted forensic copy of specific sections of a storage device rather than the entire disk.

It is used when only certain data is relevant to an investigation, saving time and storage space.
Real-Life Example:
Case: A company experiences a data breach where sensitive client records are suspected to be stolen.
Forensic Investigation Steps:
1️⃣ Investigators analyze the suspect’s work laptop but do not need the entire hard drive.
2️⃣ They create a partial volume image of the "Documents" folder, containing confidential files, instead of cloning
the whole disk.
3️⃣ Deleted file recovery tools are used on that specific volume to retrieve erased contracts and emails.
4️⃣ The recovered data provides evidence of unauthorized access and data theft, confirming the breach.
A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predefined security rules. It
acts as a barrier between a trusted internal network and untrusted external networks (e.g., the internet) to prevent cyber threats.
Types of Firewalls & Their Contribution to Network Security
1️⃣ Packet Filtering Firewall
• Examines incoming and outgoing data packets based on rules (IP address, port, protocol).
• Fast & efficient Limited security (no deep inspection)
• Example: Blocks access to restricted websites by filtering specific IPs.
2️⃣ Stateful Inspection Firewall legal
• Tracks active connections and ensures only legitimate packets pass through.
• More secure than packet filtering Can slow down traffic
• Example: Allows responses from visited websites but blocks unsolicited traffic.
mistrustful,
3️⃣ Proxy Firewall (Application-Level Gateway)
• Acts as an intermediary between users and the internet, filtering requests.
• Deep content inspection Slower performance
• Example: Used in corporate networks to prevent employees from accessing malicious sites.
4️⃣ Next-Generation Firewall (NGFW)
• Combines traditional firewalls with advanced features like intrusion prevention (IPS) and deep packet inspection (DPI).
• Highly secure with real-time threat detection Expensive
• Example: Detects malware in email attachments before they reach users.
5️⃣ Cloud-Based Firewall
• Hosted on the cloud, providing security across multiple locations.
• Scalable & ideal for remote workforces Dependent on internet connectivity
• Example: Protects cloud applications from cyberattacks.
Difference Between Symmetric and Asymmetric Key Cryptography

Feature Symmetric Key Cryptography Asymmetric Key Cryptography

Uses a single key for encryption & Uses a pair of keys – Public Key
Key Usage
decryption. (encryption) & Private Key (decryption).
Slower due to complex mathematical
Speed Faster as encryption is simple.
operations.
Less secure (key must be shared More secure (no need to share the
Security
securely). private key).
Best for encrypting large amounts of Best for secure communication &
Use Case
data. authentication.
AES, DES, Blowfish (Data Encryption Standard) RSA, ECC, Diffie-Hellman(Elliptic Curve
Example Algorithms Cryptography
(Advanced Encryption Standard) )

1️⃣ Symmetric Key Cryptography Example:

• Wi-Fi Security (WPA2 encryption): Uses AES (Advanced Encryption Standard) to encrypt wireless communication
between a device and a router.
2️⃣ Asymmetric Key Cryptography Example:
• SSL/TLS in Websites: When you visit a secure website (HTTPS), your browser encrypts data using the website’s
public key, and the website decrypts it using its private key.
Symmetric Key Cryptography Examples
Uses one key for both encryption and decryption.
1️⃣ AES (Advanced Encryption Standard) Example
Example: Securing Wi-Fi Networks (WPA2/WPA3)
• When you connect to a Wi-Fi network secured with WPA2/WPA3, your device and the router use AES encryption to protect data.
• This ensures that hackers cannot intercept your internet traffic.
2️⃣ DES (Data Encryption Standard) Example
Example: Legacy ATM Transactions
• Some older ATM machines used DES encryption to protect PINs during transactions.
• However, DES is now considered weak due to advances in computing power.
3️⃣ Blowfish Example
Example: Password Hashing in Linux
• Many Linux systems use Blowfish to encrypt passwords in login authentication systems.
• The algorithm is fast and secure, making it ideal for storing hashed passwords.

Asymmetric Key Cryptography Examples

Uses a public key for encryption and a private key for decryption.
1️⃣ RSA (Rivest-Shamir-Adleman) Example
Example: Secure Website Communication (HTTPS/SSL/TLS)
• When you visit a secure website (HTTPS), your browser encrypts data using the website's public RSA key.
• The server decrypts it using its private RSA key, keeping your login credentials and credit card details safe.
2️⃣ ECC (Elliptic Curve Cryptography) Example
Example: Secure Messaging Apps (Signal & WhatsApp)
• WhatsApp & Signal use ECC encryption for end-to-end encryption.
• This ensures that only the sender and receiver can read the messages, even if intercepted.
3️⃣ Diffie-Hellman Key Exchange Example
Example: VPN Secure Communication
• VPN services use the Diffie-Hellman algorithm to securely exchange encryption keys between your device and VPN server.
• This protects your internet traffic from hackers and government surveillance.
1️⃣ Risk
What is it?
A risk is the chance of something bad happening in a system due to a weak point (vulnerability).
Example:
A company stores customer data without a password. There is a risk that hackers could steal the data.

2️⃣ Threat
What is it?
A threat is something that can cause harm to a system, like hackers, malware, or even natural disasters.
Example:
A hacker creates a virus that can steal information from computers. This virus is a threat.

3️⃣ Breach
What is it?
A breach happens when an unauthorized person gets access to a system or data.
Example:
A hacker breaks into a company’s database and steals customer information. This is a data breach.

4️⃣ Attack
What is it?
An attack is when someone tries to break into a system or steal data using different techniques.
Example:
A hacker sends fake emails to employees, tricking them into giving their passwords. This is a cyber attack.
A zombie computer is a device that has been infected with malware and is remotely controlled by a hacker without the
owner's knowledge. These compromised systems are often used in botnets to carry out large-scale cyberattacks.
How Zombies Work in Malware Attacks:
1️⃣ Infection – Malware (e.g., trojans, worms) secretly infects a computer.
2️⃣ Remote Control – Hackers use Command and Control (C&C) servers to control the zombie device.
3️⃣ Execution of Attacks – The infected device is used for:
• DDoS Attacks – Overloading servers to crash websites.
• Spam & Phishing – Sending malicious emails.
• Data Theft – Stealing sensitive user information.
Example:
A user unknowingly downloads a malicious email attachment, turning their PC into a zombie. The hacker then uses it to
send spam emails or participate in a DDoS attack.
Conclusion

Cyber evidence refers to any digital data or information that can be used as proof in a legal investigation related to
cybercrimes. It includes electronically stored information (ESI) collected from various digital sources.
Types of Cyber Evidence:
1️⃣ Emails & Messages – Fraudulent emails, chat logs, or phishing attempts.
2️⃣ Logs & Metadata – System logs, timestamps, and IP addresses.
3️⃣ Digital Files – Documents, images, or videos stored on devices.
4️⃣ Network Traffic Data – Data packets showing unauthorized access or hacking attempts.
5️⃣ Hard Drives & Storage Media – Data recovery from computers, USB drives, and cloud storage.
The CIA Triad is a fundamental model in cybersecurity that ensures the protection of digital information. It consists of
three key principles:
1️⃣ Confidentiality – Ensures that sensitive data is accessed only by authorized users.
• Example: Encryption is used to protect personal banking details.
2️⃣ Integrity – Maintains the accuracy and reliability of data, preventing unauthorized modifications.
• Example: Checksums and digital signatures verify data authenticity.
3️⃣ Availability – Ensures that data and systems are accessible when needed.
• Example: Backup servers prevent downtime during cyberattacks.

•Two Primary Applications of Cryptography

•1️⃣ Data Security (Confidentiality & Integrity)
•Protects sensitive information from unauthorized access and modifications.
•Example: End-to-End Encryption in messaging apps like WhatsApp ensures only the sender and receiver can read
messages.
•2️⃣ Authentication & Verification
•Confirms the identity of users and ensures data authenticity.
•Example: Digital Signatures verify the sender’s identity in online transactions and emails.
What is a Digital Signature?
A digital signature is an electronic version of a handwritten signature that ensures the authenticity and integrity of
digital documents and messages. It is created using cryptographic algorithms to prevent tampering or forgery. GALSAGE

How Digital Signatures Work?

1️⃣ A sender creates a message/document (e.g., an email or contract).
2️⃣ A hash (unique fingerprint) of the message is generated using a hashing algorithm (e.g., SHA-256).
3️⃣ The hash is encrypted using the sender’s private key to create a digital signature.
4️⃣ The message and the digital signature are sent to the receiver.
5️⃣ The receiver decrypts the signature using the sender’s public key to verify authenticity.
6️⃣ The receiver recalculates the hash of the message and compares it with the decrypted hash.
• If both match, the message is authentic and unchanged.
• If they don’t match, the message has been altered or is from an imposter.
How Digital Signatures Provide Authentication & Non-Repudiation?
Authentication
• Ensures the sender is who they claim to be.
• Uses public-key cryptography (e.g., RSA, ECC) to verify identity.
Integrity
• Prevents message tampering by detecting even small changes.
Non-Repudiation
• The sender cannot deny sending the signed document because only their private key could have created the signature.
• Legally binding in e-signatures & contracts (e.g., DocuSign).
Real-Life Applications of Digital Signatures
Secure Emails & Documents – Used in Gmail, Outlook, and PDFs to verify sender identity.
Online Transactions – Banks use digital signatures to secure payments.
Government & Legal Documents – Used in Aadhaar (India) & e-Passports.
Blockchain & Cryptocurrencies – Bitcoin transactions use digital signatures for verification.
IPSec (Internet Protocol Security) is a security protocol used to protect data sent over IP networks by encrypting and
authenticating packets. It ensures confidentiality, integrity, and authentication in network communication.

Key Features of IPSec

1️⃣ Encryption – Protects data from being read by unauthorized users.
2️⃣ Authentication – Verifies that the sender and receiver are legitimate. supportable
3️⃣ Integrity Checking – Ensures data is not altered during transmission.
4️⃣ Secure Key Exchange – Uses cryptographic keys to establish a secure connection.

How IPSec Works (Example: Secure VPN Connection)

Scenario: A remote employee connects to the company’s internal network using a VPN (Virtual Private Network)
secured by IPSec.
1️⃣ Tunnel Establishment:
• The employee's computer initiates a secure connection with the company’s VPN server.
• IPSec uses the IKE (Internet Key Exchange) protocol to authenticate both parties.
2️⃣ Encryption & Authentication:
• IPSec encrypts data packets using algorithms like AES or 3DES.
• The server verifies the sender’s identity using digital certificates or pre-shared keys.
3️⃣ Secure Data Transmission:
• Encrypted data packets travel securely over the internet.
• The company’s VPN server decrypts the packets and forwards them to the internal network.
4️⃣ Data Integrity Check:
• IPSec ensures that the data is not tampered with using hash functions (HMAC-SHA256).
IPSec Modes
Transport Mode – Encrypts only the data (payload) of the packet (Used in end-to-end communication).
Tunnel Mode – Encrypts the entire packet (Used in VPNs for secure remote access).

Real-World Applications of IPSec

VPN Security – Protects remote employees accessing company networks.
Secure Online Transactions – Used in banking and e-commerce.
Site-to-Site Connections – Ensures secure communication between branch offices.
Difference Between IPSec and IP

Feature IP (Internet Protocol) IPSec (Internet Protocol Security)

A communication protocol that routes A security protocol that encrypts and
Definition data packets between devices over a authenticates IP packets for secure
network. communication.
Focuses on sending and delivering Focuses on securing data
Purpose
data over networks. transmission over IP networks.
No built-in security (data can be Provides encryption, authentication,
Security
intercepted and modified). and integrity for secure data transfer.
Protects data from unauthorized
Identifies and delivers packets to the
Function access, tampering, and
correct destination using IP addresses.
eavesdropping.
No encryption, data is sent in plain Uses encryption algorithms like AES,
Encryption
text. 3DES for confidentiality.
Why is Physical Security Essential for Organizational Assets?
Physical security is crucial in protecting organizational assets, such as servers, databases, and sensitive documents,
from unauthorized access, theft, or damage. Without proper physical security, even the strongest cybersecurity
measures can be bypassed.
Maintains Integrity – Prevents tampering or damage to critical infrastructure.
Ensures Confidentiality – Protects sensitive data from unauthorized access.
Prevents Downtime – Reduces the risk of operational disruptions due to theft or sabotage.
Protects Against Environmental Hazards – Safeguards assets from fire, floods, and other disasters.
Common Physical Security Measures in Data Centers
1️⃣ Access Control Systems –
Biometric authentication (fingerprint, iris scan)
Key cards & PIN-based entry
2️⃣ Surveillance & Monitoring –
CCTV cameras for 24/7 monitoring
Security guards to check visitor access
3️⃣ Secure Facility Design –
Limited entry points to prevent unauthorized access
Mantraps (double-door security system) to control movement
4️⃣ Environmental Controls –
Fire suppression systems (sprinklers, gas-based suppression)
Temperature & humidity control to protect hardware
5️⃣ Backup Power & Redundancy –
Uninterruptible Power Supply (UPS) to prevent power outages
Backup generators for emergency power
6️⃣ Physical Barriers –
Fences, security gates, and reinforced walls
Bulletproof windows for high-security zones
7️⃣ Data Protection Measures –
Locked server racks to prevent unauthorized access
Shredding of sensitive documents before disposal
A Virtual Private Network (VPN) is a technology that creates a secure, encrypted tunnel over the internet, allowing
users to safely connect to private networks remotely. VPN security ensures that data remains private and protected
from cyber threats while in transit. permeation
Encrypts Data – Prevents unauthorized access.
Hides IP Address – Enhances anonymity and privacy.
Prevents Eavesdropping – Protects against hackers and snooping.
Ensures Data Integrity – Prevents tampering with transmitted information.

How VPN Enhances Remote Connection Security

1️⃣ Encryption – Uses protocols like IPSec, OpenVPN, or WireGuard to encrypt traffic.
2️⃣ Authentication – Requires login credentials, multi-factor authentication (MFA), and certificates.
3️⃣ Secure Remote Access – Allows employees to securely connect to company networks from any location.
4️⃣ Data Integrity – Prevents unauthorized changes to data in transit.
5️⃣ Protection Against Cyber Threats – Shields users from man-in-the-middle (MITM) attacks.
Role of Firewalls in VPN Implementations
Firewalls act as a security barrier between trusted (internal) and untrusted (external) networks. In VPN
implementations, firewalls help:
Allow or block VPN traffic – Ensures only authorized users can access the network.
Prevent unauthorized access – Blocks untrusted connections and malicious activities.
Filter VPN protocols – Controls IPSec, SSL, or OpenVPN traffic for security.
Monitor & log traffic – Tracks VPN activity to detect anomalies.
Restrict VPN split tunneling – Ensures all data flows through the secure VPN.
Ransomware is a type of malware that encrypts files on a victim's system, making them inaccessible until a ransom is
paid to the attacker. Cybercriminals use ransomware to extort money from individuals, businesses, and even
government organizations by demanding cryptocurrency payments in exchange for the decryption key.

How Does Ransomware Encrypt Files?

Ransomware uses strong encryption algorithms (e.g., AES, RSA) to lock files. The process typically follows these steps:
1️⃣ Execution – The victim unknowingly downloads or opens a ransomware file (via email, malicious link, or software
exploit).
2️⃣ File Encryption – The ransomware scans the system and encrypts targeted files.
3️⃣ Ransom Note – A message appears demanding payment in cryptocurrency (e.g., Bitcoin) for the decryption key.
4️⃣ Extortion – Attackers threaten to delete files or leak sensitive data if the ransom is not paid.

Typical Ransomware Attack Lifecycle

1️⃣ Infection – How Ransomware Spreads
Phishing Emails – Malicious attachments or links trick users into downloading malware.
Exploit Kits – Hackers exploit system vulnerabilities to install ransomware.
Malicious Websites & Ads – Drive-by downloads infect systems without user interaction.
USBs & Network Spreading – Some ransomware can spread laterally across networks.
2⃣ Execution & File Encryption
Once executed, ransomware runs in the background and starts encrypting files on the system.
It targets specific file types (e.g., documents, images, databases).
Uses asymmetric encryption (RSA) or symmetric encryption (AES) to lock files.
3️⃣ Ransom Demand & Extortion
A ransom note is displayed (e.g., “Your files are encrypted! Pay $500 in Bitcoin to decrypt.”).
Attackers set a deadline, threatening to delete or leak files if payment is not made.
4️⃣ Payment & Decryption (Optional)
Victims may pay the ransom, but there is no guarantee of file recovery.
Some organizations recover data from backups instead.
Security experts and law enforcement advise against paying, as it funds criminal activity.
Real-Life Example: WannaCry Ransomware Attack (201️7)
What Happened? – WannaCry infected over 230,000 computers worldwide in 1️50+ countries.
How? – It exploited a Windows vulnerability (EternalBlue).
Impact –
UK hospitals were forced to cancel surgeries.
Businesses lost millions due to downtime.
Victims were asked to pay $300–$600 in Bitcoin.
Resolution – Microsoft released patches, and a security researcher accidentally stopped the attack by discovering a kill switch.
How to Protect Against Ransomware?
Backup Data Regularly – Store backups offline.
Avoid Suspicious Emails & Links – Do not open unknown attachments.
Keep Software Updated – Patch system vulnerabilities.
Use Strong Security Tools – Install antivirus & firewalls.
Enable Multi-Factor Authentication (MFA) – Secure user accounts.
Web services like SOAP (Simple Object Access Protocol) and REST (Representational State Transfer) enable
communication between applications over the internet. However, they require strong security measures to protect data,
authentication, and prevent cyber threats.
 Key Differences in Security Implementations
SOAP Security
• Uses WS-Security to secure messages at the application layer.
• Provides end-to-end security with XML encryption and digital signatures.
• Preferred for high-security applications (e.g., banking, government services).
REST Security
• Relies on TLS (HTTPS) encryption to secure data in transit.
• Uses OAuth2, JWT, and API keys for authentication and access control.
• Preferred for modern web and mobile applications due to simplicity and scalability.

Best Practices for Securing Web Services

Use HTTPS (TLS 1️.2/1️.3) – Encrypts data during transmission.
Implement Strong Authentication – Use OAuth2, JWT, or API keys.
Validate & Sanitize Input – Prevents SQL injection, XML injection, and XSS attacks.
Limit API Requests (Rate Limiting) – Prevents DDoS attacks.
Use Web Application Firewalls (WAFs) – Filters malicious traffic.
Monitor and Log API Access – Detects unauthorized access and anomalies.
The Internet of Things (IoT) connects smart devices, sensors, and systems to the internet for automation and real-time
data exchange. However, the vast connectivity and data sharing introduce security risks, making IoT devices
vulnerable to cyber threats, hacking, and data breaches.

Security Considerations in IoT

To ensure IoT security, the following aspects must be addressed:
Device Authentication – Prevents unauthorized access using strong authentication methods.
Data Encryption – Ensures confidentiality and integrity of data in transit and at rest.
Secure Communication Protocols – Uses secure standards like TLS/SSL, MQTT with authentication.
Firmware & Software Updates – Regular patching prevents exploitation of vulnerabilities.
Access Control – Implements role-based or least-privilege access policies.
Network Security – Uses firewalls, IDS/IPS, and VPNs to secure IoT networks.

Challenges in IoT Security

Despite security measures, IoT faces numerous challenges:
1️⃣ Weak Authentication & Authorization
Many IoT devices use default usernames and passwords, making them easy targets.
Poor access control can allow unauthorized users to manipulate devices.
Solution:
Implement strong authentication (MFA, OAuth2, digital certificates).
Enforce unique, complex passwords and regular password updates.
2️⃣ Lack of Encryption
Many IoT devices transmit unencrypted data, exposing sensitive information.
Solution:
Use end-to-end encryption (AES-256, TLS/SSL) to protect data.
Secure firmware updates to prevent tampering.

3. Insecure Firmware & Software

Unpatched vulnerabilities in IoT firmware can be exploited by hackers.
Many IoT devices lack update mechanisms or do not receive regular patches.
Solution:
Enable automatic updates for IoT devices.
Regularly monitor for firmware vulnerabilities and patch them.
4️⃣ IoT Botnets & DDoS Attacks
Compromised IoT devices can form botnets (e.g., Mirai Botnet) to launch massive DDoS attacks.
Solution:
Use firewalls and intrusion detection systems (IDS/IPS) to detect malicious traffic.
Implement rate limiting and anomaly detection to prevent botnet activity.
⃣ 5Privacy Risks & Data Exposure
IoT devices collect personal data, making privacy a major concern.
Unauthorized access to IoT data can lead to identity theft and surveillance.
Solution:
Follow data minimization principles – collect only necessary data.
Implement privacy-by-design in IoT development.
 How to Address IoT Security Challenges?
Secure Boot & Firmware Updates – Prevents unauthorized modifications.
Use AI & Machine Learning for Threat Detection – Identifies suspicious activities.
Segment IoT Networks – Isolates IoT devices from critical systems.
Zero Trust Security Model – Verifies every access request before granting permissions.
Regulatory Compliance – Follow NIST, GDPR, and ISO 27001️ security standards.

India has a rapidly expanding digital ecosystem with 1️.2+ billion mobile users, a growing internet economy, and
increasing dependence on e-governance, digital banking, and smart infrastructure. However, this expansion also
brings rising cyber threats, such as data breaches, hacking, and ransomware attacks.
To tackle these challenges, the Government of India introduced the National Cyber Security Policy (NCSP) 201️3,
aimed at strengthening the country’s cybersecurity infrastructure.

National Cyber Security Policy (NCSP) 201️3

Objectives of NCSP 201️3
Ensure a secure cyber ecosystem in India.
Protect critical infrastructure (e.g., banking, defense, power grids).
Strengthen cybersecurity laws and frameworks.
Promote cybersecurity awareness and skill development.
Encourage R&D in cybersecurity technologies.
 Key Initiatives & Strategies
Creating a National Cyber Coordination Centre (NCCC) – To monitor cyber threats in real time.
Strengthening CERT-In (Indian Computer Emergency Response Team) – To handle and respond to cyber
incidents.
Public-Private Partnerships (PPP) – Collaborating with industries for better cybersecurity practices.
Cybersecurity Skill Development – Training cybersecurity professionals to meet growing demands.
Developing Secure ICT Products – Encouraging indigenous security technology.
Cybercrime Prevention & Legal Frameworks – Strengthening cyber laws under IT Act 2000.
Encouraging International Cyber Cooperation – Collaborating with global cybersecurity organizations.

Challenges & The Need for an Updated Policy

Since 201️3, India’s digital landscape has evolved with 5G, AI, IoT, and cloud computing, increasing the risk of
cyberattacks. A new National Cyber Security Strategy (NCSS) 2021️ is being formulated to enhance security
frameworks and address emerging threats.
Cyber forensics (also known as digital forensics) is the process of collecting, analyzing, and preserving digital
evidence from computers, networks, and digital devices to investigate cybercrimes. It helps in identifying hackers,
tracing cyberattacks, and recovering lost data while maintaining legal integrity.

Why is Cyber Forensics Needed in Cybersecurity?

With the rise in cyber threats like hacking, data breaches, ransomware, and identity theft, cyber forensics plays a
crucial role in:
Identifying Cybercriminals – Traces hackers and malicious actors.
Recovering Deleted Data – Helps restore lost or deleted files.
Preventing Future Attacks – Analyzes attack patterns to strengthen security.
Legal Evidence Collection – Provides admissible digital evidence in courts.
Ensuring Compliance – Helps organizations comply with cyber laws (IT Act, GDPR).
 Importance in Investigating Cybercrimes
Cyber forensics is essential in solving cybercrimes like:
Hacking & Data Breaches – Traces unauthorized access and secures compromised systems.
Online Fraud & Financial Crimes – Tracks fraudulent transactions and phishing attacks.
Ransomware Attacks – Analyzes malware and helps in data recovery.
Identity Theft – Identifies the source of stolen credentials and fake profiles.
Intellectual Property Theft – Recovers leaked corporate data and trade secrets.
When data is sent over a network, it is broken into small units called packets. A packet sniffer (also called a protocol
analyzer) captures these packets to analyze their contents.
Packet sniffing tools like Wireshark, tcpdump, and Ettercap can be used to inspect network traffic.

Uses of Packet Sniffing

Legitimate Uses
• Network troubleshooting – Diagnosing connectivity and performance issues.
• Security monitoring – Detecting intrusions, malware, or unauthorized access.
• Performance analysis – Optimizing bandwidth usage.
Malicious Uses
• Eavesdropping – Capturing sensitive data like passwords, emails, and credit card details.
• Man-in-the-Middle (MITM) attacks – Intercepting and modifying communication.
• Session hijacking – Stealing active user sessions.

Protection Against Packet Sniffing

Use encrypted connections (SSL/TLS, HTTPS, VPN).
Implement network segmentation and secure Wi-Fi protocols (WPA3).
Deploy Intrusion Detection Systems (IDS) to identify sniffing attempts.
Network session analysis is the process of monitoring and examining active network sessions to understand
communication between devices, detect anomalies, and ensure security.

Key Aspects
Session Identification – Tracks communication between two endpoints (IP addresses, ports).
Traffic Monitoring – Analyzes data flow, duration, and patterns.
Anomaly Detection – Identifies suspicious activities like unauthorized access or data exfiltration.
Performance Optimization – Helps in troubleshooting network issues and improving efficiency.

Uses of Network Session Analysis

Cybersecurity – Detects hacking attempts, malware communication, and data breaches.
Incident Response – Helps in forensic investigations after a cyberattack.
Network Performance – Optimizes bandwidth and identifies bottlenecks.
OS Hardening ( कठोर प्रक्रिया ) Steps
Update OS Regularly – Apply security patches & enable auto-updates.
Strong Authentication – Use MFA, strong passwords, & disable unused accounts.
Firewall & Network Security – Enable firewalls, restrict ports & services.
Install Security Software – Use antivirus, IDS/IPS for real-time protection.
Least Privilege Access – Grant only necessary permissions (RBAC).
Disable Unused Services – Reduce attack surfaces.
Encrypt Data – Use BitLocker, LUKS for secure storage.
Monitor & Audit Logs – Detect anomalies via SIEM tools.
Secure Browsing & Email – Avoid phishing, use ad blockers.
Regular Backups – Ensure data recovery & disaster planning.

An insider attack occurs when a trusted individual within an organization misuses their access privileges to steal,
manipulate, or destroy sensitive data or systems. This person could be an employee, contractor, or business partner
with internal access.

Types of Insider Attacks

1️⃣ Malicious Insider – Deliberately harms the organization for revenge or profit. (बदला REVANGE
2️⃣ Negligent Insider – Carelessly exposes sensitive data (e.g., weak passwords).
3️⃣ Compromised Insider – An external hacker controls an insider’s credentials.
A Trojan Horse is a type of malware that disguises itself as legitimate software to trick users into installing it. Once
activated, it can:
Steal sensitive data
Provide remote access to hackers
Download additional malware
Disrupt system operations
How Trojan Horses Work?
1️⃣ The victim downloads or installs a seemingly harmless application.
2️⃣ The malicious code inside the Trojan executes in the background.
3️⃣ It steals data, installs spyware, or opens backdoors for hackers.
Example of a Trojan Horse
Zeus Trojan – A banking Trojan that steals financial credentials by logging keystrokes and modifying web pages.
What is a Backdoor?
A Backdoor is a hidden entry point in a system that allows attackers to bypass security mechanisms and gain
unauthorized remote access. It can be installed:
Intentionally by developers for system maintenance
Maliciously by hackers using malware like Trojans
How Backdoors Work?
1️⃣ A hacker infects a system with malware or exploits a vulnerability.
2️⃣ The backdoor is installed to maintain persistent access.
3️⃣ The hacker can now control the system remotely without the user’s knowledge.
Example of a Backdoor
DarkComet – A remote access Trojan (RAT) that creates a backdoor, allowing cybercriminals to control infected
devices, steal data, and activate webcams.
 Key Differences Between Worms & Viruses

Feature Worm Virus

A self-replicating malware that A malware that attaches itself to files

Definition
spreads without user intervention and spreads when executed

Spreads through networks, emails,

Requires a user to execute an
Propagation Method and USB drives without human
infected file or program
action

Exploits network vulnerabilities to Attaches itself to programs,

Infection Target
spread across systems documents, or system files

Consumes network bandwidth, Corrupts or deletes files, causes

Harmful Effects slows systems, and can install system crashes, and spreads
additional malware malware

User Involvement No user action required for spreading Requires user action to activate

Steganography is the technique of hiding secret data inside a non-secret file or message to avoid detection. Unlike
encryption, which scrambles data into unreadable formats, steganography conceals the existence of the data itself.
SQL Injection (SQLi) is a cyber attack where hackers inject malicious SQL queries into a website’s database input
fields to gain unauthorized access, modify, or delete data. It is one of the most dangerous web security
vulnerabilities and can lead to severe data breaches.
How Does SQL Injection Work?
1️⃣ The attacker finds an input field (such as a login form, search bar, or URL parameter) on a website that directly
interacts with a database.
2️⃣ Instead of entering valid input, they enter a malicious SQL query.
3️⃣ If the application does not properly validate or sanitize input, the SQL query gets executed by the database.
4️⃣ The attacker can then view, modify, or delete data, and in severe cases, gain full control of the database.

Types of SQL Injection

Union-Based SQLi – Extracts data using the UNION statement. SELECT username, password FROM users WHERE id = 1 UNION SELECT
Blind SQLi – Uses true/false conditions to infer information. credit_card, cvv FROM payments;

Error-Based SQLi – Exploits error messages to reveal database details.

Out-of-Band SQLi – Uses external channels (e.g., DNS, HTTP) for data exfiltration.

SELECT * FROM users WHERE username = 'admin' AND IF(1=1, sleep(5), 'false');
HTTP applications are vulnerable असर ु क्षि त to various cyber threats that can compromise data integrity,
confidentiality, and availability. Securing them is crucial to protect users and organizations.

Key Reasons for Securing HTTP Applications

1️. Prevent Data Theft
Hackers can intercept unencrypted HTTP traffic and steal sensitive information (passwords, credit card
details).
Solution: Use HTTPS (SSL/TLS encryption) to secure data transmission.
2. Protect Against Cyber Attacks
Common attacks include:
• SQL Injection – Injecting malicious queries to access databases.
• Cross-Site Scripting (XSS) – Injecting harmful scripts into web pages.
• Cross-Site Request Forgery (CSRF) – Forcing users to perform unwanted actions.
Solution: Implement input validation, sanitization, and security headers.
3. Ensure User Trust & Compliance
Securing HTTP apps builds trust and ensures compliance with regulations like GDPR, PCI-DSS.
Solution: Follow security best practices and implement secure authentication.
4. Mitigate DDoS Attacks
Attackers may overload web servers to disrupt services.
Solution: Use firewalls, rate limiting, and DDoS protection services.
5. Prevent Unauthorized Access
Weak authentication can lead to account takeovers.
Solution: Use multi-factor authentication (MFA) and strong password policies.
Intrusion Detection and Prevention Systems (IDPS) are cybersecurity tools designed to monitor, detect, and
prevent unauthorized activities or attacks on a network or system. These techniques help protect against malware,
hacking attempts, insider threats, and unauthorized access.

1️. Intrusion Detection System (IDS)

An Intrusion Detection System (IDS) monitors network traffic and system activities to detect suspicious behavior
and generate alerts. It does not take action but informs administrators of potential threats.
Types of IDS:
Network-Based IDS (NIDS) – Monitors network traffic for suspicious activity (e.g., Snort).
Host-Based IDS (HIDS) – Runs on individual devices and monitors system logs and processes (e.g., OSSEC).
Detection Methods:
Signature-Based Detection – Identifies attacks by comparing patterns with a known database (e.g., antivirus
software).
Anomaly-Based Detection – Detects unusual behavior based on system baselines (e.g., AI-based threat
detection).
Limitations of IDS:
False Positives – Normal activities may trigger alerts.
Cannot Prevent Attacks – IDS only detects but does not block threats.
An Intrusion Prevention System (IPS) is an advanced form of IDS that actively blocks threats in real time. It
monitors traffic, detects attacks, and takes automatic action (e.g., blocking malicious IP addresses).
Types of IPS:
Network-Based IPS (NIPS) – Monitors and blocks malicious network traffic.
Host-Based IPS (HIPS) – Protects individual devices from exploits and malware.
Prevention Methods:
Packet Filtering – Blocks suspicious IPs or packets.
Deep Packet Inspection (DPI) – Analyzes the content of packets to detect hidden threats.
Behavioral Analysis – Uses AI to identify new and evolving cyber threats.
Advantages of IPS:
Real-Time Threat Blocking – Prevents attacks before they reach the target.
Reduces False Positives – More accurate than IDS.
Protects Against Zero-Day Attacks – Uses AI to detect new threats.

3. Combined IDS/IPS Systems

Modern security solutions integrate both IDS and IPS for better detection and prevention. Example:
Next-Generation Firewalls (NGFWs) – Combine firewall, IDS, IPS, and threat intelligence for advanced
protection.
 Difference Between DAC & MAC

Feature Discretionary Access Control (DAC) Mandatory Access Control (MAC)

Access is strictly controlled by a
Access is granted based on the
Definition central authority, based on security
discretion of the resource owner.
labels.
Owners decide who can access their The system enforces strict policies,
Control
files/resources. users cannot change permissions.
Flexibility More flexible, but less secure. More secure, but less flexible.
Uses Access Control Lists (ACLs) & Uses Security Labels and
Implementation
User Permissions. Classification Levels.
Lower security (prone to insider threats Higher security (used in military and
Security Level
& malware attacks). government systems).
A government system where only users
A file owner in Windows granting
Example with a "Top Secret" clearance can
read/write access to a specific user.
access classified files.